The Federal Trade Commission (FTC) announced Tuesday a proposed settlement with Facebook. The action stems from allegations that the social network "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public," according to the FTC.

Facebook had labeled some of those privacy changes as its response to consumers who were clamoring for a simpler way to control their privacy settings. But the Electronic Privacy Information Center (EPIC) and other consumer-rights group saw it differently and filed complaints with the FTC, which investigated Facebook and hit it with an eight-count indictment.

"Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users," said Jon Leibowitz, the chairman of the FTC, in a statement announcing the settlement. "Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."

Here, then, are some security and privacy changes to expect from Facebook in the wake of the settlement:

1. Privacy settings won't revert: Privacy groups, including EPIC, had called on the FTC to "restore users' privacy settings to pre-2009 levels," and then obtain explicit consent from users to change those settings. Instead, Facebook gets to keep its most recent privacy settings, which expose most private information by default, in place.

2. Consumers will opt-in to future changes: Going forward, according to the FTC settlement, Facebook will be "required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences."

3. Breaking up will be easier: The FTC settlement also requires that Facebook "required prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account."

4. Little contrition: Commenting on the settlement, "I'm the first to admit that we've made a bunch of mistakes," said Facebook founder and CEO Mark Zuckerberg in a blog post. But he argued that on balance, Facebook had offered a good balance of "transparency and control over who can see your information," despite a few missteps. "In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done," he said.

5. Internal processes get more privacy-centric: "The FTC also recommended improvements to our internal processes," said Zuckerberg in his blog post. "We've embraced these ideas, too, by agreeing to improve and formalize the way we do privacy review as part of our ongoing product development process. As part of this, we will establish a biannual independent audit of our privacy practices to ensure we're living up to the commitments we make." That's necessary, since Facebook must submit to third-party audits beginning in 180 days, followed by once every two years, to ensure that its privacy program complies with the FTC settlement requirements.

6. Facebook faces $16,000 fines: The FTC settlement says that Facebook will be hit with a $16,000 fine for every violation. For a company that's valued at about $100 billion, that's pocket change. But multiplying the number of affected users by the violation could result in steep penalties, not to mention bad publicity.

7. Facebook adds privacy executives: Zuckerberg announced that attorney Erin Egan will fill the company's new "chief privacy officer for policy" role, while Facebook's current chief privacy counsel, Michael Richter, will become its "chief privacy officer for products." According to Zuckerberg, Richter and his team "will work to ensure that our principles of user control, privacy by design, and transparency are integrated consistently into both Facebook's product development process and our products themselves," which paraphrases what the FTC settlement requires.

8. Facebook likely won't stumble again: Did the government get a fair deal out of Facebook? Will Facebook learn to not run afoul of the FTC in the future? In response to both questions, it's interesting that the social network now counts former FTC chair Timothy Muris as a lobbyist, while former FTC commissioner Mozelle Thompson is Facebook's "chief privacy adviser," reported Gawker. The implication: One way or another, don't expect Facebook to get caught over future privacy changes.

I don't know if it's a fair deal or not, but having some black and white terms regarding privacy and clear penalties - here's hoping that the $16K will be multiplied per affected user, like you suggest - can only be a good thing when you consider that Facebook may be filing for an IPO in the very near future. Someone has to reign them in. Once they're public, will they be able to resist the lure of short-term profits and continue to think long-term about user experience? I don't know, but it scares me. I just don't want the things mentioned in this article - Will Facebook Be Free Forever? http://blog.sfcopywriter.com/2... - to come true.

There are still important facts left out of this. The settlement doesnG«÷t stop Facebook from talking you all over the internet. I wonG«÷t argue that this isnG«÷t a fair step in the right direction, but what about protecting us everywhere else? More on the tracking side of the story here: http://www.abine.com/wordpress...

Published: 2015-03-31The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.